Privacy

Privacy Policy

This policy explains how Star Tarot handles personal data, ritual content, and analytics signals so every reading remains sacred.

Last updated
2025-11-16

Data Scope

What we collect

We collect only the details required to power the Star Tarot experience—account credentials, billing references, tarot prompts, spread selections, and device diagnostics for debugging.

Sensitive rituals remain encrypted at rest. Optional fields (such as journal reflections) stay local until you explicitly sync them to the workspace.

  • Account basics: display name, email, locale preference, and sign-in events.
  • Tarot activity: intent questions, spread ids, draw sequences, and resonance feedback.
  • Usage diagnostics: anonymised device type, latency metrics, and crash traces.

Processing

How we use your data

Data powers intent suggestions, spread recommendations, and the AI narration that animates your reading. We also aggregate anonymised telemetry to maintain stability across browsers and devices.

Retention follows the lifetime of your account. You may request deletion at any time and we will purge active services plus backups within 30 days, except where law requires longer retention.

  • Tailor rituals: surface relevant spreads and shuffle cues based on your history.
  • Safeguard quality: analyse latency, crash patterns, and abuse signals to keep the platform calm and secure.

Control

Your choices & rights

You can review or export ritual history, update consent preferences, and disable analytics from workspace settings. Contact us to rectify, restrict, or erase remaining records.

We respond to verified requests within 15 working days. Identity confirmation may require a signed statement to keep readings private.

Third Parties

When data is shared

We rely on vetted infrastructure vendors (hosting, observability, payment) bound by data-processing agreements. They may only process information to deliver the contracted service.

We never sell tarot data. If law enforcement presents a lawful request, we will notify you whenever allowed and share only what is required.

Security

Protecting your ritual

Transport Layer Security (TLS 1.3), encrypted storage, role-based access, and regular penetration tests ensure that only trusted systems interact with your readings.

If we detect a breach, we will notify affected accounts, outline mitigation steps, and provide follow-up status updates.

Updates

Policy updates & contact

Significant changes will be announced in the changelog and via in-app notices at least 7 days before they take effect.

Questions or requests can be sent to privacy@startarot.app. Please include the email tied to your workspace so we can help quickly.